Senior SIEM Engineer (ELK / Sentinel)

About Coalfire

Position Summary

What You'll Do

• Collaborate with a high-performing engineering team to deliver specialized security and cloud solutions across private and public sector environments.
• Serve as a cloud Subject Matter Expert (SME) by leading design, architecture, and deployment engagements in AWS, Azure, or GCP, leveraging automated orchestration and configuration management.
• Partner with leading Cloud Service Providers (CSPs) and enterprise clients to meet stringent security requirements and drive digital transformation efforts.
• Implement, update, and maintain security tooling solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender) to ensure robust threat detection, AV protection, and compliance.
• Implement, maintain, and update SIEM solutions (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) to enhance visibility and proactively mitigate cyber threats.
• Develop client cloud and security strategies, including future-state architectures, roadmaps, and transformation plans.
• Conduct cloud configuration and maturity reviews to identify gaps, optimize performance, and strengthen security posture.
• Coordinate with clients and internal teams to establish the right balance of defense-in-depth techniques, translating security objectives into secure, scalable solutions.
• Leverage Infrastructure-as-Code to build and implement secure and compliant enterprise servers, network infrastructures, boundary protections, and cloud architectures.
• Work across diverse technology stacks in AWS, Azure, and GCP, utilizing native cloud services to enhance deployments and streamline operations.
• Provide guidance during security assessment and authorization processes, ensuring alignment with industry frameworks and compliance standards.
• Author and peer-review detailed design documentation, including security documentation and vendor best practices, to maintain consistently high-quality deliverables.

What You'll Bring

• 5+ years of hands-on systems engineering and architecture experience—including requirements definition, architecture development, use-case/story creation, and systems integration/testing.
• 5+ years of cloud experience in architecture, design, implementation, operations, and automation (AWS, Azure, or GCP).
• Advanced proficiency with Infrastructure-as-Code (IaC) and orchestration/automation tools (e.g., Terraform, Ansible).
• Proven expertise with SIEM platforms (e.g., Splunk, Sentinel, ELK, LogRhythm, Sumo Logic) and enterprise antivirus (AV) solutions (e.g., Trend Micro, CrowdStrike, Microsoft Defender).
• Deep understanding of AWS, Azure, or GCP platform capabilities (ideally as a Cloud Architect, Cloud DevOps Engineer, or Cloud Security Engineer).
• Experience working in Agile environments with technical teams of three or more individuals.
• Excellent communication, organizational, and problem-solving skills, with the ability to convey complex technical information clearly.
• Strong documentation skills for creating technical diagrams, written descriptions, and other supporting materials.
• Demonstrated ability to work both independently and as a member of a team, maintaining a professional attitude and demeanor.
• Critical thinking skills to balance robust security requirements against mission objectives.
• Proven track record of adapting quickly and efficiently in fast-paced, dynamic environments
• Proven track record delivering end-to-end SIEM solutions in large-scale or high-compliance environments—from initial design through operational handover.
• Hands-on leadership or senior-level contribution in cloud security projects, collaborating across cross-functional teams (e.g., DevOps, architecture, compliance) to drive impactful security outcomes.
• Documented success integrating multiple security tools (SIEM, AV, intrusion detection systems, etc.) into a cohesive, enterprise-wide monitoring solution.
• History of working under strict regulatory or industry frameworks (e.g., FedRAMP, HIPAA, PCI), ensuring solutions meet required standards without sacrificing performance.
• Demonstrable client-facing experience in a consulting or services capacity, maintaining professionalism and clear communication in high-stakes or fast-paced engagements.

Bonus Points

• Professional services background: Prior experience supporting external clients from within a consulting or professional services organization.
• Advanced threat detection: Hands-on experience with techniques such as user and entity behavior analytics (UEBA) or machine learning-based anomaly detection.
• Automation capabilities: Experience automating workflows in GitLab or GitHub with Terraform and Ansible.
• Modern application architectures: Proven expertise with serverless, microservices, and related technologies.
• Configuration baseline standards: Familiarity with CIS Benchmarks, DISA STIG, and other relevant guidelines.
• Encryption technologies: Hands-on experience implementing SSL, PKI, and other encryption methods.
• Compliance frameworks: Understanding of FedRAMP, FISMA, HIPAA, HITRUST, PCI, and similar regulatory standards.
• Splunk Enterprise Certified Admin or SumoLogic Administration or Microsoft Security Operations Analyst Associate
• AWS Solutions Architect Professional or AWS DevOps Engineer Professional or Azure Solutions Architect Expert or GCP Cloud Architect
• Splunk Enterprise Certified Architect or Splunk Certified Automation Developer

Why You’ll Want to Join Us